Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sign/Notarize releases #68

Closed
sashkab opened this issue Jul 31, 2019 · 8 comments
Closed

Sign/Notarize releases #68

sashkab opened this issue Jul 31, 2019 · 8 comments

Comments

@sashkab
Copy link

sashkab commented Jul 31, 2019

I just installed Finicky via brew cask install finicky and it turns out that Finicky.app is not signed for GateKeeper and not notarized with Apple.

$ codesign -dvvv  /Applications/Finicky.app
Executable=/Applications/Finicky.app/Contents/MacOS/Finicky
Identifier=net.kassett.finicky
Format=app bundle with Mach-O thin (x86_64)
CodeDirectory v=20100 size=1572 flags=0x2(adhoc) hashes=42+5 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=3ad68f568cec6ee63e87ec4968fbda51d630c06e
Hash choices=sha256
CDHash=3ad68f568cec6ee63e87ec4968fbda51d630c06e
Signature=adhoc
Info.plist entries=26
TeamIdentifier=not set
Sealed Resources version=2 rules=13 files=24
Internal requirements count=0 size=12

This results in window like that shown on first start:

screenshot_2019 07 31_085340

I can safely right click and select open to use the app, but it would be nice if this extra step won't be required.

Few links:

I understand this might be time consuming, but should be free to create a developer id to sign and/or notarize the app.

Thanks!

@johnste
Copy link
Owner

johnste commented Jul 31, 2019 via email

@sashkab
Copy link
Author

sashkab commented Jul 31, 2019

Apple Developer account is free, as far as I know. You will need to get your developer certificate and it should be straight forward.

Paid account required if you plan to publish app in the App Store.

@johnste
Copy link
Owner

johnste commented Aug 1, 2019 via email

@johnste
Copy link
Owner

johnste commented Aug 16, 2019

I've been looking into this some more today, and (unless I am mistaken) to generate a developer certificate I need to enroll with the Apple Developer Program, which is 999 SEK (~100 USD) per year. For now this will have to wait.

image

image

@wad3g
Copy link

wad3g commented Oct 11, 2019

Signing/notarizing the app would obv be ideal, but by saying, "..Apple soon will require all macOS Catalina apps to be notarized' is terribly misleading, imo. I would interpret that as I will no longer have the ability to run 3rd party/unsigned apps, and by removing the option to "Allow apps from unknown sources" in the UI it would appear that is correct.

Devs releasing apps, such as finicky, should not be required to sign up and pay for an Apple Developer account. This is just step 1 of the process. It wouldn't surprise me if in the future actually won't be to run 3rd party/unsigned apps at all.

This change, obviously centered around "security" of it's users. While a large portion of macOS users will be less vulnerable, some of the users who need to run these types of apps are going to be more vulnerable by completely disabling Gatekeeper with sudo spctl --master-disable.

/rant

@johnste 'preciate all the work you've put into finicky. It flies under the radar since you don't actually interact with the app when it's doing it's thing the control it give you/ability to coral work versus personal items is soooo underrated.

@schrej
Copy link

schrej commented Oct 16, 2019

Afaik you can still run unsigned apps using ctrl-click > open, like you used to, no need to completely disable gatekeeper.

@bartvdo
Copy link

bartvdo commented Oct 17, 2019

Note that Little Snitch will put up a not signed warning as well when Finicky looks up a url (for example because of expanding shortend urls) that is intercepted.

I didn't have any problem opening it though when installing thru homebrew. My settings are slightly lower in security already.

@johnste
Copy link
Owner

johnste commented Jun 10, 2020

Fixed in Finicky 3.0.0 https://github.com/johnste/finicky/releases/tag/v3.0.0

@johnste johnste closed this as completed Jun 10, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

5 participants